Port limiting on a Cisco 3550

Discussion in 'Cisco' started by jlamanna, May 6, 2009.

  1. jlamanna

    jlamanna Guest

    Hi,
    I'm trying to limit the total bandwidth on a port (essentially
    bandwidth limiting a customer) for both input and output.
    I've read various articles on how to do this correctly, though I don't
    seem to be able to get something that works effectively.

    Thanks.

    Here's parts of a relevant configuration that I think "should" work
    but doesn't appear to:

    mls qos map cos-dscp 0 8 16 24 32 46 48 56
    mls qos min-reserve 5 170
    mls qos min-reserve 6 85
    mls qos min-reserve 7 51
    mls qos min-reserve 8 34
    mls qos
    ip routing

    class-map match-all all-out
    match ip dscp default
    class-map match-all all-in
    match access-group 1
    !
    policy-map limit-out-5mb
    class all-out
    police 5242500 327656 exceed-action drop
    policy-map limit-in-5mb
    class all-in
    police 5242500 327656 exceed-action drop
    !
    interface FastEthernet0/2
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 87
    switchport mode trunk
    speed 100
    duplex full
    auto qos voip trust
    wrr-queue bandwidth 10 20 70 1
    wrr-queue min-reserve 1 5
    wrr-queue min-reserve 2 6
    wrr-queue min-reserve 3 7
    wrr-queue min-reserve 4 8
    wrr-queue cos-map 1 0 1
    wrr-queue cos-map 2 2 4
    wrr-queue cos-map 3 3 6 7
    wrr-queue cos-map 4 5
    priority-queue out
    service-policy input limit-in-5mb
    service-policy output limit-out-5mb
    !

    access-list 1 permit any
     
    jlamanna, May 6, 2009
    #1
    1. Advertisements

  2. jlamanna

    Guest Guest

    mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    access-list 100 permit ip any any

    mac access-list extended c_all_nonIP
    permit any any
    class-map match-all Got-all-nonIP
    match access-group name c_all_nonIP
    class-map match-all Got-all-IP
    match access-group 100


    policy-map T5M
    class Got-all-IP
    trust dscp
    police aggregate 5M
    class Got-all-nonIP
    police aggregate 5M
    trust cos

    interface fa0/1
    service in T5M
    service out T5M

    Flamer.
     
    Guest, May 8, 2009
    #2
    1. Advertisements

  3. jlamanna

    bod43 Guest

    Does that work on a 3550? I don't think so, would
    be very relieved if it does though:)

    As far as I understand it you have to manipulate the input
    and output queues yourself with some low level commands.
    Horrible stuff.
     
    bod43, May 8, 2009
    #3
  4. jlamanna

    Guest Guest

    I can confirm 100% that it does since i took it from my 3550 template.
    why don't you try it!

    Flamer.
     
    Guest, May 9, 2009
    #4
  5. That does not work.
    It cannot limit outbound traffic on the interface (if you try to apply
    the service-policy to 'output' you'll notice it does not take effect).
     
    James Lamanna, May 20, 2009
    #5
  6. jlamanna

    Guest Guest

    then apply it INBOUND on the other end of the link /uplink! duh.

    Flamer.
     
    Guest, May 21, 2009
    #6
  7. The uplink serves multiple customers and I want to limit 1 customer on
    the switch,
    so limiting the uplink wouldn't make much sense.
     
    James Lamanna, May 21, 2009
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.